Linux Kernel PolarFire SoC Out-of-Bounds Access Vulnerability in Clock Driver

A vulnerability in the Linux kernel clock driver for Microchip PolarFire SoC has been addressed. The issue involved an out-of-bounds access during the registration of output dividers for certain clock IDs. This occurred because the driver only allocated space for two Phase-Locked Loops (PLLs) and their corresponding output dividers, while the defined IDs included two Delay-Locked Loops (DLLs) and their outputs, which the driver does not support. The vulnerability has been fixed by adjusting the output IDs to prevent the out-of-bounds access.

Impact

The vulnerability could lead to undefined behavior due to the out-of-bounds access, which may include memory corruption or crashes.

Reproduction

The vulnerability can be reproduced by registering clock outputs for DLLs that are not supported by the Microchip PolarFire SoC clock driver. This can be done by defining clock IDs that include DLL outputs, which will cause the driver to access memory outside of the allocated bounds, as reported by Undefined Behavior Sanitizer (UBSAN).

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.